From e571428e21280c28d0d591b70f13add7d8dbfe81 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 15 Dec 2015 10:48:10 +0800
Subject: Update to openssl to 1.0.2e

Also update Cryptlib to edk2 r19218
- Undefine NO_BUILTIN_VA_FUNCS in Cryptlib/OpenSSL/ for x86_64 to use
  the gcc builtins and remove all EFIAPI from the functions
- Move the most of defines into the headers instead of Makefile
- Remove the global variable 'timeval'
- Remove the unused code: crypto/pqueue/* and crypto/ts/*
- Include bn.h in MokManager.c due to the changes in openssl

Signed-off-by: Gary Lin <glin@suse.com>
---
 Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c |  2 +-
 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c   |  4 +++-
 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c  | 11 +++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

(limited to 'Cryptlib/OpenSSL/crypto/rsa')

diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
index cc9c3ce5..f591f0fd 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
@@ -270,7 +270,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
 {
     const unsigned char *p;
     int plen;
-    if (alg == NULL)
+    if (alg == NULL || alg->parameter == NULL)
         return NULL;
     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
         return NULL;
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
index 2465fbde..7f7dca39 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+                                         BN_GENCB *cb);
 #endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
@@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
 #ifdef OPENSSL_FIPS
     if (FIPS_mode())
-        return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+        return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
 #endif
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
index 19461c63..82ca8324 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
@@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
             memcpy(rm, s + 2, 16);
             *prm_len = 16;
             ret = 1;
-        } else if (memcmp(m, s + 2, 16))
+        } else if (memcmp(m, s + 2, 16)) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        else
+        } else {
             ret = 1;
-    }
-
-    /* Special case: SSL signature */
-    if (dtype == NID_md5_sha1) {
+        }
+    } else if (dtype == NID_md5_sha1) {
+        /* Special case: SSL signature */
         if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
         else
-- 
cgit v1.2.3